Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works

Can You Help Me Please!

  • Please log in to reply



    New Member

  • Member
  • Pip
  • 2 posts
I'm hoping that you guys can help me. For about a month I've tried everything to get rid of these two viruses. I'm not sure if they are two separate ones or working together. The file names are OLEADM.DLL and the other is WININET.DLL. My virus scan finds both but can't clean, delete or quarintine either one. I have used Spybot and Ad-aware SE but neither find these files. Also I tried to download the Ewido Security Suite but keep getting a message saying, "C:\Documents & Setting\(My Name)\Local Settings\Temporary Internet Files\Content IE5\98G3HXK5\ewido-setup.exe" is not a valid Win32 apllication so I can't install it. CWShedder says I'm clean so no problems there either. I'm hoping that with the HackerThis program log you guys can help me fix this problem. Also I do not have the Windows XP Service Pack 2 installed due to I am a college student and many of the programs I must use have compatiability problems. Also my teachers told all students to not install the program because it causes more problems than it is worth. I hope this will not cause any issues I just want to get these problems fixed.

Logfile of HijackThis v1.99.1
Scan saved at 6:39:55 PM, on 7/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\PROGRA~1\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Diane Behrends\Desktop\HiJack This Program Helper\HijackThis.exe

O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] C:\PROGRA~1\COMMON~1\AOL\AOL Spyware Protection\AOLSP Scheduler.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - Startup: 360Share On Startup.lnk = C:\Program Files\360Share\Gui\360Share.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - (no file)
O9 - Extra button: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
O9 - Extra 'Tools' menuitem: AbsolutePoker.net - {5E72AD5A-20DF-4ca4-9B7B-D9717FFDE0C5} - C:\Documents and Settings\All Users\Start Menu\Programs\AbsolutePoker NET\AbsolutePoker NET.lnk
O9 - Extra button: Microsoft® JavaScript® Console - {70214AF2-2F84-4E83-B6D5-3AE1C81A5749} - C:\Program Files\Audio Converter All-in-one\Comdlg32.ocx
O9 - Extra 'Tools' menuitem: JavaScript Console - {70214AF2-2F84-4E83-B6D5-3AE1C81A5749} - C:\Program Files\Audio Converter All-in-one\Comdlg32.ocx
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - (no file)
O9 - Extra button: Microsoft® JavaScript® Console - {F0AFAE8F-A10C-438D-8B8A-CACC8297D77C} - C:\Program Files\Audio Converter All-in-one\Comdlg32.ocx
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINNT\System32\shdocvw.dll (HKCU)
O9 - Extra button: Microsoft® JavaScript® Console - {70214AF2-2F84-4E83-B6D5-3AE1C81A5749} - C:\Program Files\Audio Converter All-in-one\Comdlg32.ocx (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {70214AF2-2F84-4E83-B6D5-3AE1C81A5749} - C:\Program Files\Audio Converter All-in-one\Comdlg32.ocx (HKCU)
O9 - Extra button: (no name) - {83D5556F-4224-4fc7-A578-4D09AAD5DED4} - (no file) (HKCU)
O10 - Broken Internet access because of LSP provider 'c:\program files\panda software\panda platinum internet security\pavlsp.dll' missing
O15 - Trusted Zone: *.frame.crazywinnings.com
O15 - Trusted Zone: *.frame.crazywinnings.com (HKLM)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://appldnld.m7z....iTunesSetup.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{870FAF13-C549-4557-B433-91EA59D27978}: NameServer =
O17 - HKLM\System\CS1\Services\Tcpip\..\{870FAF13-C549-4557-B433-91EA59D27978}: NameServer =
O20 - AppInit_DLLs: c:\winnt\system32\hk.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: CacheBoost Performance Optimizer and Tuner Service (CacheBoost Service) - Unknown owner - C:\Program Files\CacheBoost\cbsrv.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Panda Firewall Service (PAVFIRES) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\Firewall\PavFires.exe (file missing)
O23 - Service: Panda anti-virus service (PAVSRV) - Unknown owner - C:\Program Files\Panda Software\Panda Platinum Internet Security\pavsrv51.exe (file missing)
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINNT\system32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Edited by lotana1, 18 July 2005 - 06:35 PM.

  • 0




    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

Download smitRem.zip and save the file to your desktop.
Right click on the file and extract it to it's own folder on the desktop.

Place a shortcut to Panda ActiveScan on your desktop.

Please download the trial version of Ewido Security Suite here:

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Open Ad-aware and do a full scan. Remove all it finds.

Run Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • NOTE: During some scans with ewido it is finding cases of false positives.
  • You will need to step through the process of cleaning files one-by-one.
  • If ewido detects a file you KNOW to be legitimate, select none as the action.
  • DO NOT select "Perform action on all infections"
  • If you are unsure of any entry found select none for now.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

Reboot back into Windows’ Normal mode

Download: deldomains.
To use: right-click and select: Install

Click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let us know if any problems persist.

Edited by Perculator, 28 July 2005 - 02:43 PM.

  • 0



    New Member

  • Topic Starter
  • Member
  • Pip
  • 2 posts
I'm still having trouble downloading the Ewido Security Suite. I keep getting a message saying it is not a valid WIN32 file. Am I missing a file or something? Should I continue on but do the BETA scan directly from the internet or do something else?
  • 0



    Visiting Staff

  • Member
  • PipPipPip
  • 183 posts
No problem do the beta scan and post back the report, together with a new hijack this log.

Can you also do the following for me?

Please go here: Jotti Virus Scan

Click the "browse" button and locate this file:


Click "Open", then click the "Submit" button. Copy the results and paste them here.

good luck
  • 0

Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP